Master Services Agreement

Last Updated November 9, 2024

This Master Services Agreement (“MSA” or “Agreement”) is between the customer identified in the applicable ordering document (“Customer,” “you” or “your”) and Kisi, Incorporated. (“Kisi,” “we,” “us,” or “our”), and governs Customer’s access to and use of Kisi’s enterprise Software-as-a-Service platform for physical security, related hardware, and related hosting and other support services (collectively, the “Services”) made available through Kisi’s and our affiliated third-party websites and desktop or mobile applications (collectively, the “Platform”).

Reference is hereby made to the Kisi End User Agreement (“EUA”) located at https://www.getkisi.com/legal/eula, the terms of which are incorporated into this Agreement. For any conflicts between this Agreement and the EUA, please refer to Section 12.3.

This MSA also references ordering documents between the parties, hereinafter referred to as the “Order Form(s)”, the terms of which are incorporated into this Agreement.

1. KISI’S RESPONSIBILITIES

1.1 Provision of the Services. During the applicable Order Form Term (as defined in Section 5.1 (Term and Order Form Term) below), we grant you a revocable, nonexclusive, non-sublicensable, non-transferable, limited license to (a) access and use the Services described in the Order Form, solely in accordance with any usage or license limitations set forth in the Order Form; and (b) access and use any APIs provided by Kisi (the “Kisi API(s)”) to facilitate your use of the Services. The definition “Services” as used in this MSA is comprehensive of the Platform, software that may be downloadable through the Platform or otherwise provided by Kisi (including the Kisi APIs), technical support, hosting services, and any documentation provided in connection with the Services. You agree that you will not provide access to the Services to any third-party except your (and your authorized Affiliates’) employees and contractors for their internal use in connection with this Agreement (“Authorized Users”) and agree that you are liable for your Authorized Users’ compliance with this Agreement.

1.2 Use of Contractors. Kisi subcontracts with third-party individuals (“Contractors”) to provide certain of its services. You agree that Kisi may sublicense its rights under this Agreement to Contractors, provided that Kisi will (a) be solely responsible for paying and resolving all disputes with Contractors; and (b) enter into a written agreement with each Contractor obligating the Contractor to protect the Customer Content and to comply with Kisi’s policies and Applicable Law (as defined in Section 2.2 (Prohibited Content) below).

1.3 Affiliates. Subject to credit approval by Kisi and your agreement to take full responsibility for Affiliates’ compliance with this Agreement, you may allow your Affiliate to order Services under the terms of this Agreement. Authorized Affiliates will be deemed a “Customer” for the applicable Order Form only. “Affiliate” means an entity that controls, is controlled by, or is under common control with a party, with “control” meaning direct or indirect ownership of (a) more than fifty percent (50%) of an entity’s voting interest; or (b) the right to receive more than fifty percent (50%) of an entity’s profits.

1.4 Support. During an Order Form Term, we will provide you with the maintenance and support services specified in Exhibit A for the Services described in the Order Form.

1.5 Data Security. We will make commercially reasonable efforts to maintain security in accordance with Exhibit B. You agree to assist Kisi in such efforts by making commercially reasonable efforts to prevent unauthorized access to or use of the Services, and agree to notify us promptly of any such unauthorized access or use.

2. CUSTOMER’S RESPONSIBILITIES

2.1 Customer Content. You acknowledge and agree that (a) you, not Kisi, are entirely responsible for the accuracy, quality, integrity, legality, reliability, appropriateness, and ownership or right to use video, audio and other materials, information and data (“Content”) uploaded, posted, transmitted or otherwise made available on the Platform and/or through the Services by you or on your behalf (“Customer Content”); (b) Kisi is not obligated to pre-screen Customer Content, although Kisi reserves the right in our reasonable discretion to pre-screen, refuse or remove any Customer Content; and (c) while we take reasonable measures to back-up Customer Content on our Platform, you are responsible for ensuring that you back-up your Customer Content. Subject to the terms of this Agreement, you grant Kisi a worldwide, royalty-free, non-exclusive license during the Term to sublicense, copy, reproduce, modify, use, perform, display, distribute and create derivative works of any and all Customer Content as necessary for Kisi to: (i) provide the Services to you; (ii) perform necessary maintenance, calibration, diagnostic and troubleshooting of the Platform, and to monitor the performance of the Platform; and (iii) to improve the Services, e.g., to train and maintain Kisi’s platform and other Kisi owned software. You also acknowledge and agree that we may collect, retain, use and disclose information relating to the performance of the Services and statistics and metrics regarding the Services (e.g., number of files transcribed using the Services across all Kisi customers), provided that such information is solely in an aggregated and anonymized format that does not identify Customer or any individual (“Aggregate Data”). For clarity, Aggregate Data will not be considered Customer Content or personal data.

2.2 Prohibited Content. Unless expressly agreed in an Order Form with respect to a certain type of Content, you must not nor permit others to submit, upload, email, transmit or otherwise make available through the Platform: (a) any Content not owned by you or for which you do not have all necessary authorization to make available through the Platform, including in accordance with all applicable intellectual property laws and data laws, regulations and privacy standards; (b) sensitive financial data (e.g., bank account numbers, credit card or debit card numbers, passwords, and other access codes for financial accounts); (c) personal health information subject to protection under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”); (d) Content that violates applicable provisions of foreign, federal, state or local laws, rules, regulations or orders of all governmental bodies, courts, tribunals and arbitrators (“Applicable Law”) or creates a security risk to any person (e.g., by exposing sensitive personal information); (e) illegal content (including but not limited to obscenity, sexual content involving minors); or (f) Content that a reasonable person would find abusive, harassing, threatening, defamatory, libelous, obscene, or otherwise objectionable. Kisi reserves the right to reject and/or remove any Customer Content that Kisi believes, in its reasonable discretion, violates this Section 2.2.

2.3 Restrictions. You agree not to, nor permit any other party to: (a) use, or cause others to use, any automated system or software to extract Content from the Platform; (b) interfere with or disrupt the Services or servers or networks connected to the Platform; (c) take any action that negatively affects the ability of others to access or use the Platform; (d) use the Services for any illegal or unauthorized purpose; (e) provide access to the Services to anyone but Authorized Users; (f) rent, lease, lend, sell or sublicense the Services or otherwise provide access to the Services as part of a service bureau or similar fee-for-service purpose; (g) reverse engineer, decode, decompile, disassemble or otherwise attempt to access or derive the source code or architectural framework of the Platform, Kisi APIs, or any other part of the Services; or (h) introduce any viruses to the Services. You agree that Kisi may establish general practices and limits concerning use of the Platform, including the maximum period that we will retain Customer Content on the Platform and the maximum storage space to be allotted on Kisi's servers on your behalf.

3. FEES AND PAYMENT TERMS

3.1 Fees. You agree to pay Kisi the fees stated in the applicable Order Form, in U.S. dollars, unless another currency is specified in the Order Form. If prices are not provided on the Order Form, you agree to pay Kisi’s published list prices for the Services.

3.2 Payment Terms. Invoices submitted by Kisi are due thirty (30) days from the date of invoice unless otherwise specified in the applicable Order Form. Payment for prepaid credits is due in accordance with the terms of the applicable Order Form. Kisi will not be required to utilize yours or a third-party’s billing application(s) in order to receive payment, and you agree that (a) Kisi may invoice you for any processing fees for any such billing mechanism that Kisi agrees to use; and (b) you are responsible for any wire transfer fees. Unpaid invoices are subject to a finance charge of 3% per month on any outstanding balance, or the maximum permitted by law, whichever is lower. If you dispute any charges you must let Kisi know within thirty (30) days after the date that Kisi invoices you; otherwise, such charges shall be considered undisputed and fully owed by you. The provision of Services under an Order Form is subject to timely payment and satisfactory credit approval of the Customer. Credit approval may be withdrawn at any time.

3.3 Prepaid Credits. If you purchase prepaid credits, we will add, on or about the effective date of the applicable Order Form, a credit balance equal to the prepaid credits listed on the Order Form to the Kisi account(s) listed on the Order Form. Prepaid credits purchased under an Order Form (a) are nonrefundable; (b) may be used only for Services during the applicable Order Form Term; and (c) will expire at the end of the applicable Order Form Term, unless otherwise stated in this Agreement or agreed to in writing. Upon automatic renewal of an Order Form, you agree to purchase prepaid credits in an amount equal to the amount of prepaid credits purchased in the prior Order Form Term.

3.4 Taxes. Customer is responsible for all taxes, duties or other fees imposed, assessed or collected by or under the authority of any governmental body (“Taxes”) imposed on the transaction or the delivery of Services (except Taxes based on Kisi’s net income or otherwise statutorily imposed on Kisi). Additional terms and conditions related to Taxes can be found in the EUA.

3.5 Duplicative Uploads. You acknowledge and agree that you are responsible for payment for any Services performed because of an accidental duplicative upload of Customer Content or your selection of the incorrect service type.

4. OWNERSHIP

4.1 Customer Ownership. Kisi acknowledges and agrees that, as between Customer and Kisi, Customer owns all rights, title and interest (including all rights associated with patents and inventions; copyrights, and other works of authorship (including moral rights)); trademarks, service marks, trade dress, trade names, logos and other source identifiers; trade secrets; and all other intellectual property (“Intellectual Property Rights”) in and to (a) the Customer Content; and (b) any translations, transcriptions, or captions or any derivative work of such Customer Content created through the Services (“Work Product”).

4.2 Kisi Ownership. Customer acknowledges and agrees that, as between Kisi and Customer, Kisi owns all right, title and interest (including all Intellectual Property Rights) in and to (a) the Platform; (b) Kisi’s software, and all improvements, enhancements or modifications to it; (c) the Kisi APIs and any software accessible through the Platform; (d) all information, text, links, graphics, photos, audio, video, and other forms of data or communication that users can view, access or otherwise interact with through the Services (except for Customer Content and Work Product); and (e) any and all Intellectual Property Rights related to the Hardware and Software (as such terms are defined in the EUA.

4.3 Feedback. You are not obligated to provide Kisi with any suggestions, comments, ideas, improvements or other feedback relating to the Services (“Feedback”). That said, if you (including Authorized Users) do provide Feedback to Kisi, (a) you acknowledge and agree that Feedback is non-confidential and provided voluntarily by you; and (b) you grant to Kisi a worldwide, perpetual, irrevocable, royalty-free license to any ideas, know-how, concepts, techniques, or other Intellectual Property Rights contained in the Feedback, for usage by Kisi for any purpose whatsoever, including, without limitation, for the improvement, marketing, and promotion of the Services.

4.4 Reservation of Rights. Each of the parties reserves all rights not expressly granted under this Agreement.

5. TERM AND TERMINATION

5.1 Term and Order Form Term. This MSA is effective on the earlier of: (a) the Effective Date; or (b) the effective date of the first Order Form (“Order Form Effective Date”) executed by Customer and Kisi, and will remain in effect until terminated in accordance with its terms (the “Term”). An Order Form will automatically renew for successive one-year periods unless (i) otherwise stated in the Order Form or the Agreement; or (ii) either party provides the other with written notification of intent to terminate at least sixty (60) days before the end of the then-current Order Form Term (the initial term of the Order Form and any subsequent renewal terms, the “Order Form Term”).

5.2 Suspension. We reserve the right to suspend your access to the Services: (a) in the event of your breach of Section 2.3 (Restrictions) or your failure to pay undisputed fees when due; (b) to prevent damage to, or degradation of, the Services, or unauthorized access to Customer Content; (c) to comply with Applicable Law; or (d) if our relationship with a third-party services provider expires, terminates or requires us to change the way we provide any part of the Services. We will use reasonable efforts to provide you with prior notice of any suspension of the Services, and will restore access to the Services as soon as practicable following the satisfactory resolution of the event giving rise to suspension. If Kisi suspends Services pursuant to subsection (a) above, (i) you remain responsible for all fees you have committed to for the Order Form Term; (ii) if you do not fully address the reasons for the suspension within thirty (30) days after we suspend, we may immediately terminate your license; and (iii) reinstatement of Services after suspension due to non-payment will be subject to a reinstatement fee of $250, in addition to any outstanding balance and applicable late fees. If Kisi suspends Services pursuant to subsections (b) through (d) above, and we are unable to provide you with Services for which you’ve prepaid during the applicable Order Form Term, we will refund you for any unused prepaid credits or other prepaid fee, as applicable, for Services you were unable to access during the suspension period.

5.3 Termination for Cause. This MSA or an Order Form may be terminated (a) by the non-breaching party upon a material breach of this Agreement by the other party, which breach, if curable, is not cured within thirty (30) days after receipt of written notice from the non-breaching party; (b) by Kisi immediately upon notice if necessary under subsections (b) through (d) of Section 5.2 (Suspension); or (c) by either party if the other party becomes insolvent or bankrupt; becomes the subject of any proceedings under bankruptcy, insolvency or debtor relief law; has a receiver or manager appointed; makes an assignment for the benefit of creditors; or takes the benefit of any Applicable Law in force for the winding up or liquidation of such party’s business.

5.4 Effect of Termination. Termination of an Order Form does not terminate this MSA or any other Order Form; however, termination of this MSA will result in the immediate termination of all Order Forms. Upon termination, any unpaid balance under any Order Form will immediately become due and payable and all remaining prepaid credits under any Order Form will expire; provided, however, that if this Agreement is terminated by you for Kisi’s uncured material breach under Section 5.3(a) above, or is terminated by Kisi pursuant to Section 5.3(b), Kisi will refund you, as applicable, any unused prepaid credits as of the date of termination, or other prepaid fee for the applicable Order Form Term prorated from the date of termination. Any provision that, by its terms, is intended to survive the expiration or termination of this Agreement will survive such expiration or termination, including Sections 4 (Ownership); 5.4 (Effect of Termination), 6 (Warranty); 7 (Indemnification); 8 (Limitation of Liability); 9 (Confidential Information; Data Protection); 11 (Publicity) (in accordance with the limitations therein) and 12 (Governing Law; General).

6. WARRANTY

6.1 Mutual Warranties. Each party represents and warrants that (a) it will comply with all Applicable Laws; and (b) in entering into the Agreement it does not rely on any promise, statement, representation or warranty (whether in writing or not) of any person (whether party to the Agreement or not) relating to the subject matter of the Agreement, other than as stated in the Agreement.

6.2 Kisi Warranty. Kisi represents and warrants that we will make commercially reasonable efforts to perform the Services in a professional and workmanlike manner with a level of care, skill, practice and judgment consistent with generally recognized industry standards and practices for similar services. We will use commercially reasonable efforts to remedy any material breach of this Section 6.2 by promptly re-performing the Services as long as you give us notice specifying the breach within a commercially reasonable period after discovering the breach.

6.3 DISCLAIMER. YOU ACKNOWLEDGE THAT THE SERVICES ARE PROVIDED USING AUTOMATED SOFTWARE, AND THEREFORE MAY CONTAIN ERRORS, WITH THE ERROR RATE IN ANY PARTICULAR DELIVERABLE DEPENDENT ON A NUMBER OF FACTORS. THE PLATFORM AND ALL SERVICES PROVIDED UNDER THIS AGREEMENT ARE PROVIDED “AS IS,” “AS AVAILABLE” AND “WITH ALL FAULTS,” AND, TO THE MAXIMUM EXTENT PERMITTED BY LAW, WITH THE EXCEPTION OF THE WARRANTY PROVIDED IN SECTION 6.2 (KISI WARRANTY), KISI HEREBY EXPRESSLY DISCLAIMS ALL WARRANTIES AND REPRESENTATIONS, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION: (A) THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT; AND (B) ANY WARRANTY WITH RESPECT TO THE QUALITY, ACCURACY, CURRENCY OR COMPLETENESS OF THE PLATFORM AND SERVICES OR ANY DATA OR RESULTS OBTAINED THROUGH THE PLATFORM, OR THAT USE OF THE PLATFORM AND SUCH SERVICES WILL BE ERROR-FREE, UNINTERRUPTED, FREE FROM OTHER FAILURES OR WILL MEET CUSTOMER’S OR AUTHORIZED USERS’ REQUIREMENTS. YOU ACKNOWLEDGE AND AGREE THAT YOU ARE SOLELY RESPONSIBLE FOR VERIFYING THE ACCURACY AND COMPLETENESS OF ALL WORK PRODUCT PROVIDED THROUGH THE SERVICES BEFORE TAKING OR OMITTING ANY ACTION BASED UPON SUCH WORK PRODUCT.

6.4 Hardware Warranty. The Hardware (as defined in the EUA) is covered by the Hardware warranty described in the EUA.

7. INDEMNIFICATION

7.1 Kisi Indemnification. Kisi will defend, indemnify and hold harmless you, your Affiliates and each of your directors, officers, employees, consultants, contractors, agents, or affiliated entities (the “Customer Indemnified Parties”) harmless from and against claims, demands, proceedings, regulatory actions, liabilities, losses, causes of action, damages, fines, judgments, and settlements brought by a third party (a “Claim”), including reimbursement of all reasonable legal fees and expenses, made or brought against a Customer Indemnified Party to the extent resulting from, or alleged to have resulted from, the Services’ or the Work Product’s infringement of a third-party Intellectual Property Right, unless caused by the combination, operation or use of the Services or Work Product with other applications, portions of applications, data, product(s) or services not provided by Kisi where the Services or Work Product would not by itself be infringing. If the Work Product or use of the Services by Customer has become, or in Kisi’s opinion is likely to become, the subject of any claim of infringement, Kisi may at its option and expense (a) procure for Customer the right to continue using and receiving the Services or applicable Work Product as set forth hereunder; (b) replace or modify the Services or applicable Work Product to make it non-infringing (with comparable functionality); or (c) if the options in clauses (a) or (b) are not reasonably practicable, terminate this Agreement in exchange for a refund of, as applicable, any unused prepaid credits or other prepaid fee for the applicable Order Form Term prorated from the date of termination.

7.2 Customer Indemnification. You will defend, indemnify, and hold harmless Kisi, our Affiliates, Contractors, and each of our directors, officers, employees, consultants, contractors, agents, or affiliated entities (the “Kisi Indemnified Parties”) from and against any Claim, including reimbursement of all reasonable legal fees and expenses, made or brought against a Kisi Indemnified Party to the extent resulting from or alleged to have resulted from (a) your breach of Sections 2.2 (Prohibited Content) or 2.3 (Restrictions); (b) use of the Services by you (including your Authorized Users) not in accordance with this Agreement; or (c) the combination, operation or use of the Services or Work Product with other applications, portions of applications, data, product(s) or services provided by you where the Services or Work Product would not by itself be infringing.

7.3 Indemnification Procedures. Each party will promptly notify the other in writing of any Claim; provided, however, that failure of the indemnified party to give such prompt written notice will not relieve the indemnifying party of any obligation to indemnify pursuant to this Section 7, except to the extent the indemnifying party has been prejudiced thereby. The indemnifying party will (a) control the defense of the Claim; and (b) obtain the other party’s prior written approval of the indemnifying party’s settlement or compromise of a Claim. The indemnified party will (i) not unreasonably withhold or delay its approval of the request for settlement or compromise; and (ii) assist and cooperate in the defense as reasonably requested by the indemnifying party at the indemnifying party’s expense.

8. LIMITATION OF LIABILITY. NOTWITHSTANDING ANYTHING IN THIS AGREEMENT TO THE CONTRARY, TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE TO THE OTHER PARTY OR ANYONE, WHETHER BY BREACH OF WARRANTY, BREACH OF CONTRACT, NEGLIGENCE, OR ANY OTHER LEGAL THEORY OR CAUSE OF ACTION, (A) FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL OR PUNITIVE DAMAGES OF SUCH OTHER PERSON, INCLUDING, WITHOUT LIMITATION, LOSS OF FUTURE REVENUE, INCOME OR PROFITS, DIMINUTION OF VALUE, OR LOSS OF BUSINESS REPUTATION OR OPPORTUNITY RELATING TO THE BREACH OR ALLEGED BREACH HEREOF, WHETHER OR NOT THE POSSIBILITY OF SUCH DAMAGES HAS BEEN DISCLOSED TO THE OTHER PARTY IN ADVANCE OR COULD REASONABLY HAVE BEEN FORESEEN BY SUCH OTHER PARTY; OR (B) FOR AN AMOUNT THAT EXCEEDS THE TOTAL AMOUNT PAID OR PAYABLE BY YOU TO KISI FOR THE SERVICES THAT ARE THE SUBJECT OF THE CLAIM IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT(S) THAT FIRST GAVE RISE TO THE CLAIM. The limitations of liability stated in this Section 8 do not apply to: (i) a party’s indemnification obligations; (ii) a party’s liability for fraud, gross negligence or intentional misconduct; (iii) a party’s liability for death or personal injury; or (iv) Customer’s obligations with respect to fees due for Services hereunder (except as otherwise provided in this Agreement, e.g., in the event of early termination due to our breach of this Agreement).

9. CONFIDENTIAL INFORMATION; DATA PROTECTION

9.1 Definition. “Confidential Information” means any information disclosed under the Agreement that (a) if tangible, is clearly marked as “Confidential” or with a similar designation; (b) if intangible, is identified as “Confidential” by disclosure at the time of disclosure and confirmed in writing to recipient as being Confidential Information; or (c) from the relevant circumstances should reasonably be known by recipient to be confidential (e.g., pricing, Company data, business plans, trade secrets, personal data, etc.). Customer’s Confidential Information includes the Customer Content. Kisi’s Confidential Information includes all software, hardware specifications, and technology included in the Services. Confidential Information does not include Aggregate Data or information that: (i) was available to the recipient before disclosure of such information to the recipient and free of any confidentiality obligation in favor of the disclosing party and known to the recipient at the time of disclosure; (ii) is made available to the recipient from a third-party not known by the recipient at the time of such availability to be subject to a confidentiality obligation in favor of the disclosing party; (iii) is made available to third parties by the disclosing party without restriction on disclosing such information; (iv) is or becomes available to the public other than as a result of disclosure by the recipient prohibited by this Agreement; or (v) is developed independently by or on behalf of the recipient without reference to the disclosing party’s Confidential Information.

9.2 Non-Disclosure. Recipient will (a) use Confidential Information only for the purposes of furthering the business relationship between the parties; (b) protect Confidential Information using the same degree of care it uses to protect its own confidential information of a like nature, but in no event less than a reasonable degree of care; (c) not disclose Confidential Information to any third party except its personnel, consultants, subcontractors (including, with respect to Kisi, the Contractors), and professional advisors who have a need to know in order to carry out their obligations under the Agreement and are bound by agreements respecting confidential information; and (d) not modify, reverse engineer, decompile, create other works from, or disassemble any Confidential Information, to the extent applicable, unless authorized in writing by the disclosing party. If either Kisi or Customer receives a court subpoena, request for production of documents, court order or requirement of a government agency to disclose any Confidential Information, the recipient will give prompt written notice to the other party so that the request can be challenged or limited in scope by Kisi or Customer, as appropriate.

9.3 Data Protection. If Kisi processes Personal Data (as defined in Section 1 of the Kisi Data Processing Addendum located at https://www.getkisi.com/legal/dpa (“Data Processing Addendum” or “DPA”)) on behalf of Customer pursuant to this Agreement, Kisi and Customer will comply with the terms of the DPA, the terms of which are incorporated into this Agreement.

9.4 CCPA. Kisi will not provide Customer with any services or other consideration in exchange for Customer personal data, or otherwise engage in activities that qualifies as a "sale" under the California Consumer Privacy Act (“CCPA”) or other applicable law (hereinafter “selling”). Kisi will not sell any Customer personal data and agrees to refrain from any use or transfers of Customer personal data (including to or from a subprocessor or other third-party) that qualifies as selling. Except as necessary to provide Services to Customer, Kisi (a) will not collect, share or use any Customer personal data; and (b) will not have, derive or exercise any rights or benefits from Customer personal data. As applicable to the Services provided, Kisi will implement reasonable security measures as appropriate under Applicable Laws and reasonably assist Customer with any request received from an individual under the CCPA or other Applicable Law.

10. INSURANCE. During the Term of this Agreement, Kisi will maintain in force requisite insurance coverage for enterprises of similar size and scope.

11. PUBLICITY. Kisi agrees that we will not use your name, logo or trademarks without your prior written approval; provided, however, you agree that we may use your name, logo and trademarks in our marketing materials and website to indicate that you are (or were) a Kisi customer, or to identify you in connection with a previously published news article that Kisi re-publishes or links to on the getkisi.com website, in addition to any other publicity agreed to by you in writing, unless and until you request the removal of your name and trademarks.

12. GOVERNING LAW; GENERAL

12.1 Governing Law; Dispute Resolution. This Agreement is governed by the laws of the State of New York, excluding its conflicts of laws provisions. If any disputes arise, the parties will first attempt to resolve the dispute informally via good faith negotiation. If the dispute has not been resolved after 30 days, the parties will resolve any claim, dispute, or controversy (excluding any claims for injunctive or other equitable relief) by binding confidential arbitration before a single arbitrator administered by JAMS, its successors and assigns, in New York County, New York, unless otherwise agreed by the parties in writing, and pursuant to its arbitration rules. Each party will be responsible for paying any arbitration fees in accordance with the foregoing rules, and the award rendered by the arbitrator may include costs of arbitration, reasonable attorneys’ fees and reasonable costs for expert and other witnesses. Any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction. Nothing in this Section shall be deemed to prevent either party from seeking injunctive or other equitable relief from the courts as necessary to prevent the actual or threatened infringement, misappropriation, or violation of its data security, intellectual property rights or other proprietary rights.

12.2 Assignment. Either party may assign this Agreement to an Affiliate or a successor-in-interest that is not a competitor of the non-assigning party in connection with (a) the sale of all or substantially all of the assigning party’s assets; (b) any change in the ownership of more than fifty percent (50%) of the assigning party’s voting capital stock in one or more related transactions; or (c) the assigning party’s merger with or acquisition by such successor-in-interest. Except for the assignments set forth in the foregoing sentence, neither party will assign the Agreement in whole or in part without the other party’s prior written consent (which consent will not be unreasonably denied, delayed or conditioned). Any attempted assignment in violation of this restriction is void. The Agreement will bind and insure to the benefit of the parties, their respective successors and permitted assigns.

12.3 Entire Agreement. This Agreement contains the entire agreement of the parties with respect to the subject matter hereof and supersedes all previous or contemporaneous oral or written negotiations or agreements with respect to the subject matter hereof. If a conflict exists between any of the terms in the Agreement and other documents, then the Order Form will govern, followed by the EUA, the DPA and this MSA.

12.4 Amendment. The parties may amend the Agreement, including any Order Form, only in a written amendment signed by both parties. Any attempt to amend, modify or vary the terms of this MSA or any Order Form through a purchase order or invoice, or other document or communication not signed by the authorized representatives of both parties and referencing this Agreement will be void.

12.5 Independent Contractors. The relationship between Kisi and Customer established by this Agreement is solely that of independent contractors. Neither party is in any way the partner or agent of the other, nor is either party authorized or empowered to create or assume any obligation of any kind, implied or expressed, on behalf of the other party, without the express prior written consent of such other party.

12.6 Notices. A notice regarding termination of the Agreement for breach, indemnification, or other legal matter must be sent by electronic mail or overnight postal or courier service, if to Customer at the billing address or email address set forth on the Order Form or the address in Customer’s account records, and if to Kisi at finance@getlkisi.com, Attn: General Counsel. Kisi’s routine communications regarding the Services and legal notices will be posted on Kisi’s customer portal or sent by email or post to the individual(s) Customer designates as contact(s) on Customer’s account. Notices are deemed received as of the time posted or delivered, or if that time does not fall within a business day, as of the beginning of the first business day following the time posted or delivered. To count days for notice periods, the business day on which the notice is deemed received counts as the first day.

12.7 No Waiver. The failure of either party to require strict performance by the other party of any provision of this document will not affect the full right to require such performance at any time thereafter, nor will the waiver by either party of a breach of any provision of this document be taken or held to be a waiver of the provision itself.

12.8 Interpretation. In the Agreement, the words “include” and “including” will not be construed as terms of limitation.

12.9 Severability. If any provision of the Agreement is unenforceable, that provision will be modified to render it enforceable to the extent possible to give effect to the parties’ intentions and the remaining provisions will not be affected.

12.10 Force Majeure. Neither party will be liable for any failure to perform under this Agreement to the extent due to any act of God, fire, casualty, flood, war, strike, lock out, failure of public utilities, outages or slow-downs of the internet, outages at any of Kisi’s critical infrastructure providers, injunction or any act, exercise, assertion or requirement of any governmental authority, epidemic, pandemic, destruction of production facilities, insurrection or any other cause beyond the reasonable control of the party invoking this provision.

12.11 Counterparts and Electronic Signatures. Any Order Form, and any amendment to this Agreement or other ancillary agreement among the parties may be executed in one or more counterparts, each of which will be deemed to be an original and all of which, when taken together, will be considered to be one and the same agreement or document.

Exhibit A: Maintenance and Support

GENERAL

1. Contact. Customer may contact Kisi through support@getkisi.com or by calling 646-663-4880. For billing inquiries, please email billing@getkisi.com.
2. Hours. Kisi will provide maintenance and support during normal business hours, Monday through Friday, from 9:00 a.m. to 5:00 p.m. EST (excluding U.S. federal holidays) with extended coverage before and after business hours as well on weekends.

UPTIME

1. Percentage. Kisi will use commercially reasonable efforts to minimize downtime of the Platform and to ensure a Monthly Availability Percentage of 99.0%, except as set forth below. The Monthly Availability Percentage is calculated on an aggregate Monthly basis: Monthly Availability Percentage = (total minutes in the month – total number of minutes that the Platform is inoperable in that month) / total minutes in the month.
2. Exclusions. The Monthly Availability Percentage excludes: (1) periods of scheduled maintenance; (2) issues caused by factors outside Kisi’s reasonable control; (3) issues resulting from Customer’s actions or inactions, or the actions or inactions of a third-party, including, without limitation, Kisi’s suppliers; and (4) issues that result from Customer’s equipment or third-party equipment.

SERVICE LEVEL AGREEMENT (SLA)

1. Delivery. Kisi endeavors to meet or exceed delivery times as identified below. Kisi will endeavor to respond to support tickets within one-hundred-twenty (120) hours of receipt.
2. Exclusions. The Service Level Agreement excludes: (1) periods of scheduled or emergency maintenance; (2) issues caused by factors outside Kisi’s reasonable control; and (3) downtime.

Exhibit B: Security

Basic Security Requirements. Kisi will, consistent with current best industry standards and such other requirements specified by Customer based on the classification and sensitivity of Customer Information (as defined below), maintain physical, administrative and technical safeguards and other security measures to:

a. maintain the security and confidentiality of Customer Content and Customer’s Confidential Information (hereinafter collectively defined as ”Customer Information”) accessed, collected, used, stored or transmitted by Kisi, and

b. protect that information from known or reasonably anticipated threats or hazards to its security and integrity, accidental loss, alteration, disclosure and all other unlawful forms of processing.

Security Controls. Kisi will use commercial best efforts to comply with these requirements:

a. Firewall. Kisi will install and maintain a working network firewall to protect data accessible through the Internet and will keep all Customer Information protected by the firewall at all times.

b. Updates. Kisi will keep its systems and software up-to-date with the latest upgrades, updates, bug fixes, new versions and other modifications necessary to ensure security of the Customer Information.

c. Anti-malware. Kisi will at all times use anti-malware software on systems commonly affected by malware and will keep the anti-malware software up-to-date. Kisi will mitigate threats from all viruses, spyware and other malicious code that are or should have reasonably been detected.

d. Encryption. Kisi will encrypt data at rest and data sent across open networks in accordance with industry best practices.

e. Testing. Kisi will regularly test its security systems and processes to ensure they meet the requirements of this Security Policy.

f. Access Controls. Kisi will secure Customer Information, including by complying with these requirements:

i. Kisi will restrict access to Customer Information to only those people with a “need-to-know” to provide the Services or as otherwise agreed by Customer or specified in the Agreement.

ii. Kisi will not use manufacturer-supplied defaults for system passwords and other security parameters on any operating systems, software or other systems. Kisi will mandate and ensure the use of system-enforced “strong passwords” in accordance with the best practices (described below) on all systems hosting, processing, or that have or control access to Customer Information and will require that all passwords and access credentials are kept confidential and not shared among personnel.

iii. Kisi will regularly review access logs for signs of malicious behavior or unauthorized access.

g. Network Security Policy. Kisi will maintain and enforce an information and network security policy for employees, subcontractors, suppliers and agents that meets the standards in this Exhibit B, including methods to detect and log policy violations (“Security Policy”).

h. Subcontracts. The terms and conditions of the Security Policy will be binding upon Kisi’s subcontractors, including Contractors, and personnel. Kisi (a) will ensure that its subcontractors and personnel comply with the Security Policy, and (b) will be responsible for all acts, omissions, negligence and misconduct of its subcontractors and personnel.

i. Remote Access. Kisi will ensure that any access from outside protected corporate or production environments to systems holding Customer Information or Kisi’s corporate or development workstation networks requires multi-factor authentication (e.g., requires at least two separate factors for identifying users).

j. Deletion. Kisi will promptly (no more than thirty (30) days after Customer’s written request) permanently and securely delete all Customer Information upon Customer’s request. If requested by Customer, Kisi will certify in writing that all Customer Information has been destroyed.

Security Incidents.

a. Kisi will inform Customer within reasonable time after detecting any confirmed unauthorized access, collection, acquisition, use, transmission, disclosure, corruption or loss of Customer Information, or breach of any environment containing Customer Information (“Security Incident”).

b. Kisi will remedy each Security Incident promptly and provide Customer written details about Kisi’s internal investigation into each Security Incident. With respect to a Security Incident that affects only a subset ofi customers including Customer, (i) Kisi agrees not to notify any regulatory authority, nor any third party, on behalf of Customer unless Customer specifically requests in writing that Kisi do so, and Customer reserves the right to review and approve the form and content of any notification before it is provided to any party; and (ii) Kisi will cooperate and work together with Customer to formulate and execute a plan to remediate all confirmed Security Incidents.